NextDNS Fedora Repo Update failing signature verification

When trying to update the NextDNS client from version 1.37.10-1 to 1.37.11-1 and I'm seeing the following errors:

/var/cache/PackageKit/36/metadata/nextdns-36-x86_64/packages/nextdns_1.37.11_x86_64.rpm could not be verified.
/var/cache/PackageKit/36/metadata/nextdns-36-x86_64/packages/nextdns_1.37.11_x86_64.rpm:  digest:  SIGNATURE:  NOT OK

I'm running Fedora Linux and using the NextDNS package from the following repo:

[username@hostname ~]$ cat /etc/yum.repos.d/nextdns.repo
[nextdns]
name=nextdns
baseurl=https://repo.nextdns.io/rpm
enabled=1
gpgcheck=0
repo_gpgcheck=1
gpgkey=https://repo.nextdns.io/nextdns-armored.gpg

Security

Like Follow

- Nickolas Gupton
- CorruptComputer
- 2 mths ago
- Bug Reports
- Reported - view
Sorry should have also added, I've cleared my local dnf cache and tried re-downloading this package, made no difference and gave the same error.

Like
- Nickolas Gupton
- CorruptComputer
- 2 mths ago
- Bug Reports
- Reported - view
@nextdns Any update on this? The rpm package in your repo is failing signature verification still, which means it might have been tampered with. I'm afraid to update it due to the high number of supply chain attacks that have taken place in recent months.

Like

Like Follow

2 mths agoLast active
2Replies
33Views
1 Following

Welcome to the Community!

NextDNS Fedora Repo Update failing signature verification

Home

Tags